oss-sec mailing list archives

Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability

From: Henrique Montenegro <typoon () gmail com>
Date: Mon, 21 Jan 2013 08:59:06 -0200

The issue can be seen only when PHP's display_errors is set to On.
I have setup a default installation of wordpress 3.5 to display the issue.
 It can be accessed via the URL: http://blog.gilgalab.com.br/?s[]=1

Regards,

Henrique



On Mon, Jan 21, 2013 at 7:59 AM, Agostino Sarubbo <ago () gentoo org> wrote:

On Monday 21 January 2013 00:11:54 Kurt Seifried wrote:

I can't get this to work anywhere. Does it require a specific theme or
configuration? Do you have details that can aid in reproduction?


I can't reproduce too.
--
Agostino Sarubbo / ago -at- gentoo.org
Gentoo Linux Developer

Current thread:

CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique (Jan 20)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 20)
  - Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo (Jan 21)
    - Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
    - Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Giles Coochey (Jan 21)
    - Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henri Salo (Jan 21)
    - Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
    - Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 21)
    - Whats worth a CVE? Scott Herbert (Jan 21)
    - Re: Whats worth a CVE? Eitan Adler (Jan 21)
    - Re: Whats worth a CVE? Kurt Seifried (Jan 21)
    - Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Milan Berger (Jan 21)